
EAP/CDMA2000 WLAN Access Authentication Using R-UIM

Lily Chen and Louis Finkelstein, Motorola Inc. April 8, 2004.


Presentation Transcript


  1. EAP/CDMA2000 WLAN Access Authentication Using R-UIM
     Lily Chen and Louis Finkelstein, Motorola Inc. April 8, 2004

  2. Outline
     • Introduction
     • Basic Ideas
     • Protocols

  3. Introduction
     • The proposal assumes the WLAN terminal interfaces with the CDMA2000 R-UIM.
     • MT0 model and MT2-TE2 model
     • It executes the EAP protocol for WLAN access authentication.
     • It assumes the same architecture as in the Lucent contribution.
     • The EAP-Server (e.g., AAA) shall be able to interface with a CDMA2000 CAVE-based Authentication Center (AC); therefore, it supports the necessary subset of the SS7 authentication protocol.
     • It generates a WLAN Master Key (WKEY) as proposed by Lucent.
     • It supports both the SSD-shared and the SSD-not shared situation as proposed by Huawei.
     • It demands no changes to the CDMA2000 HLR/AC.
     • It minimizes the network traffic when adding WLAN service to an existing infrastructure.

  4. Basic Ideas
     • EAP/CDMA2000 generates a WLAN master key (WKEY) from the CDMA2000 encryption key SMEKEY (or KEY/VPM) as defined in IS-41.
     • A WKEY update can be triggered by the HLR/AC via the SSD update procedure or by the WLAN AAA via the global challenge.
     • In the case that the SSD is not shared with the remote network, the WLAN-EAP server can use a WKEY for WLAN authentication without interacting with the HLR for each and every WLAN access.
     • It can significantly minimize the network traffic, especially the traffic to the CDMA2000 HLR/AC for WLAN service.
     • It supports SSD update with the WLAN terminal initiated by HLR/AC.
     • It supports the unique challenge initiated by the HLR/AC.

  5. High Level Illustration (diagram)
     Entities: WLAN Device, WLAN Auth Server, CDMA HLR/AC. Interface labels: EAP/CDMA2000, ANSI-41.
     Flow labels, in order: Access Request; Auth Data? (Yes / No); EAP/Global; Global ch/resp; EAP/Global Resp; EAP/Unique; Unique Ch; Unique Resp; EAP/Unique Resp; Success; EAP/Success; AUTHREQ; SMEKEY; WLAN/CDMA Auth & derive session keys.

  6. EAP/CDMA2000 Full Authentication (message sequence, Client and Server)
     Server → Client: EAP-Request / Identity
     Client → Server: EAP-Response / Identity
     Server → Client: EAP-Request / CDMA2000/Start
     Client → Server: EAP-Response / CDMA2000/Start (RAND/req)
     Server → Client: EAP-Request / CDMA2000/Global
     Client → Server: EAP-Response / CDMA2000/Global
     Server → Client: EAP-Request / CDMA2000/Unique
     Client → Server: EAP-Response / CDMA2000/Unique
     Server → Client: EAP-Request / CDMA2000/Challenge (RANDch)
     Client → Server: EAP-Response / CDMA2000/Challenge
     Server → Client: EAP-Success
     CDMA2000 HLR/AC: Depending on whether SSD shared or not shared

  7. EAP/CDMA2000 Authentication with WKEY Update (message sequence, Client and Server)
     Server → Client: EAP-Request / Identity
     Client → Server: EAP-Response / Identity
     Server → Client: EAP-Request / CDMA2000/Start
     Client → Server: EAP-Response / CDMA2000/Start (RAND/req)
     Server → Client: EAP-Request / CDMA2000/Global
     Client → Server: EAP-Response / CDMA2000/Global
     Server → Client: EAP-Request / CDMA2000/Challenge (RANDch)
     Client → Server: EAP-Response / CDMA2000/Challenge
     Server → Client: EAP-Success
     CDMA2000 HLR/AC: Depending on whether SSD shared or not shared

  8. EAP/CDMA2000 Authentication without WKEY Update (message sequence, Client and Server)
     Server → Client: EAP-Request / Identity
     Client → Server: EAP-Response / Identity
     Server → Client: EAP-Request / CDMA2000/Start
     Client → Server: EAP-Response / CDMA2000/Start (RAND/req)
     Server → Client: EAP-Request / CDMA2000/Challenge (RANDch)
     Client → Server: EAP-Response / CDMA2000/Challenge
     Server → Client: EAP-Success
     CDMA2000 HLR/AC: No traffic even when SSD is not shared

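  9. EAP/CDMA2000 SSD Update (message sequence, Client and Server)
     Server → Client: EAP-Request / Identity
     Client → Server: EAP-Response / Identity
     Server → Client: EAP-Request / CDMA2000/Start
     Client → Server: EAP-Response / CDMA2000/Start (RAND/req)
     Server → Client: EAP-Request / CDMA2000/SSD
     Client → Server: EAP-Response / CDMA2000/SSD (RANDBS)
     Server → Client: EAP-Request / CDMA2000/SSDBS (AUTHBS)
     Client → Server: EAP-Response / CDMA2000/SSDBS
     Server → Client: EAP-Request / CDMA2000/Unique
     Client → Server: EAP-Response / CDMA2000/Unique
     Server → Client: EAP-Request / CDMA2000/Challenge (RANDch)
     Client → Server: EAP-Response / CDMA2000/Challenge
     Server → Client: EAP-Success
     CDMA2000 HLR/AC: Initiated by CDMA2000 HLR/AC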

  10. Proposal
     • We propose
     • That the WLAN and CDMA2000 inter-working architecture support R-UIM-based authentication under the following conditions.
     • Considers both the SSD-shared and the SSD-not shared situation.
     • Maintains the CDMA2000 HLR/AC interface without changes.
     • Does not increase network traffic significantly by using the WLAN service.
     • Uses EAP/CDMA2000 as the authentication protocol for R-UIM-based authentication.

  11. Issues
     • IETF Effort
     • Currently, there are no IETF RFCs for the EAP/CDMA2000 protocol.
     • We can work with the IETF in order to generate a draft (similar to EAP/SIM and EAP/AKA).
     • Current name of the protocol – EAP/CDMA2000
     • We would like to emphasize the CDMA2000 authentication credentials and protocols.
     • However, we have no objection to any suggested names for the proposed protocol :>).
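
The four exchanges on slides 6 to 9 differ only in which optional phases sit between Start and Challenge. As an added example (not part of the presentation), the checker below validates a recorded message trace against those sequences and names the flow, rejecting traces that skip the Challenge round trip or reorder phases. The direction tags, the phase model and the names `classify` and `build` are assumptions of this example.

```python
# Added example: not from the Motorola presentation. Message names follow
# slides 6-9; the phase model and flow labels are this example's reading.
PHASES = ["Start", "SSD", "SSDBS", "Global", "Unique", "Challenge"]  # slide order

# Optional phases seen between Start and Challenge in each slide's exchange.
FLOWS = {
    frozenset({"Global", "Unique"}): "full authentication",
    frozenset({"Global"}): "authentication with WKEY update",
    frozenset(): "authentication without WKEY update",
    frozenset({"SSD", "SSDBS", "Unique"}): "SSD update",
}

def classify(trace):
    """Validate (direction, message) pairs against slides 6-9 and name the flow.

    Direction is "S>C" for EAP-Request/EAP-Success, "C>S" for EAP-Response.
    Raises ValueError on the first deviation from the slide sequences.
    """
    msgs = list(trace)
    if msgs[:2] != [("S>C", "Request/Identity"), ("C>S", "Response/Identity")]:
        raise ValueError("exchange must open with the Identity round trip")
    if msgs[-1] != ("S>C", "Success"):
        raise ValueError("exchange must end with EAP-Success")
    body, seen = msgs[2:-1], []
    if len(body) % 2:
        raise ValueError("unpaired request or response")
    for (d1, req), (d2, resp) in zip(body[0::2], body[1::2]):
        prefix, _, phase = req.rpartition("/")
        if d1 != "S>C" or prefix != "Request/CDMA2000" or phase not in PHASES:
            raise ValueError(f"unexpected request: {req}")
        if (d2, resp) != ("C>S", f"Response/CDMA2000/{phase}"):
            raise ValueError(f"{req} not answered by the matching response")
        if seen and PHASES.index(phase) <= PHASES.index(seen[-1]):
            raise ValueError(f"{phase} out of order or repeated")
        seen.append(phase)
    if not seen or seen[0] != "Start" or seen[-1] != "Challenge":
        raise ValueError("Start and Challenge phases are mandatory")
    optional = frozenset(seen[1:-1])
    if optional not in FLOWS:
        raise ValueError(f"phase combination {sorted(optional)} is on no slide")
    return FLOWS[optional]

def build(*optional):
    """Constructed sample trace containing the given optional phases."""
    t = [("S>C", "Request/Identity"), ("C>S", "Response/Identity")]
    for p in ["Start", *optional, "Challenge"]:
        t += [("S>C", f"Request/CDMA2000/{p}"), ("C>S", f"Response/CDMA2000/{p}")]
    return t + [("S>C", "Success")]
```
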
